Navigation:


DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
Thread Title: Enterprise Risk Management
Created On Thursday September 06, 2012 12:19 PM
  Enterprise Risk Management
  Enterprise Risk Management


WAGirl


Posts: 14
Joined: Jan 2012

Thursday September 06, 2012 12:19 PM

User is offline View thread in raw text format

My team and I are assigned to do a Merchandising Risk Assessment Audit and we are trying to collaborate different methods of going about this. The first and obvious method is to meet with and interview different people within the organization to better understand their objectives and their risks. Another method we have contemplated with is having group discussions to facilitate conversations with related parties so that they can openly discuss risks in their area. However, we want to go one step further and research the objectives ourselves and then send a questionnaire to all the key players identifying their objectives and asking them for the risks associated with that objective. After we have all the objectives and risks, then we want to facilitate a group discussion to discuss these risks. Has anyone ever used this method before and has it been successful?

Or does anyone else have any ideas on methods that they have used and we might want to consider? Thanks.

Reply
Quote
Top
Bottom



Awdit


Posts: 33
Joined: Aug 2008

Thursday November 08, 2012 2:37 PM

User is offline View thread in raw text format

There are many ways to do ERM. If you are doing corporate-wide which the name ERM suggests, you can do the same thing for just one department instead of all.

I would identify the processes under the department first (X axis). You could then set up a matrix and have the department management and executives rate them

You could have a previously determined list of risks under each category (Y axis) of: Strategic, Financial, Operational, Reputational, and Compliance. For instance, Financial category would have things like: Access to Capital, Financial Planning, Capital Asset Expenditures,... Operational may have: Business Disruption, Availability of Systems and Data, Availability of Inventory, Vendor Reliance and Management, Contracts,...

It's always best to do a quantitative assessment even though there is always some qualitative aspect to it, especially if you plan on performing audits on those areas.

There's so much to it but hope that can point you in a direction that will suit your goals.

Reply
Quote
Top
Bottom

DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
The Institute of Internal Auditors • 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA
+1-407-937-1100 • FAX +1-407-937-1101 • www.theiia.org